View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002512||OXID eShop (all versions)||4.02. Session handling||public||2011-02-11 18:10||2011-07-01 13:44|
|Product Version||4.4.6 revision 32697|
|Target Version||Fixed in Version||4.5.1 revision 38045|
|Description||when surfing WITHOUT cookies enabled in a oxid-shop, in which the dynamic content cache had been filled before by a user WITH cookies enabled, you loose your session.|
|Steps To Reproduce||-open two browsers, A) with cookies disabled B) with cookies enabled|
-use B) to open admin, active caching, delete cache
-use B) to surf around in frontend. Put something into your basket, open categories, article-details, etc
-now use A) to surf around in the frontend. Put something into your basket and you'll get a forced_sid, alright. Now keep surfing, open a category you visited with B) before, an article - and very soon you'll notice the session-loss.
--> problem seems to be, that cookie-surfers leave no SIDs in the cache (which is fine). If a cookieless-surfers uses the cache, the links in it still contain no SID. Clicking such a link looses the sid in the url and the session is lost.
You should make sure, that when you proccess the cache and isSidNeeded is true, you add a SID to every link, to only replace old sids.
|Tags||No tags attached.|